remove node_service_account variable

Author: Ryan C Koch

README.md

@@ -43,23 +43,23 @@ module "gke" {
  subnetwork = "us-central1-01"
  ip_range_pods = "us-central1-01-gke-01-pods"
  ip_range_services = "us-central1-01-gke-01-services"
- node_service_account = "project-service-account@<PROJECT ID>.iam.gserviceaccount.com"
  http_load_balancing = false
  horizontal_pod_autoscaling = true
  kubernetes_dashboard = true
  network_policy = true
 
  node_pools = [
  {
- name = "default-node-pool"
- machine_type = "n1-standard-2"
- min_count = 1
- max_count = 100
- disk_size_gb = 100
- disk_type = "pd-standard"
- image_type = "COS"
- auto_repair = true
- auto_upgrade = true
+ name = "default-node-pool"
+ machine_type = "n1-standard-2"
+ min_count = 1
+ max_count = 100
+ disk_size_gb = 100
+ disk_type = "pd-standard"
+ image_type = "COS"
+ auto_repair = true
+ auto_upgrade = true
+ service_account = "project-service-account@<PROJECT ID>.iam.gserviceaccount.com"
  },
  ]
 
@@ -124,7 +124,6 @@ Then perform the following commands on the root folder:
 | node_pools_labels | Map of maps containing node labels by node-pool name | map | `<map>` | no |
 | node_pools_tags | Map of lists containing node network tags by node-pool name | map | `<map>` | no |
 | node_pools_taints | Map of lists containing node taints by node-pool name | map | `<map>` | no |
-| node_service_account | Service account to associate to the nodes. Defaults to the compute default service account on the project.) | string | `` | no |
 | node_version | The Kubernetes version of the node pools. Defaults kubernetes_version (master) variable and can be overridden for individual node pools by setting the `version` key on them. Must be empyty or set the same as master at cluster creation. | string | `` | no |
 | non_masquerade_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | list | `<list>` | no |
 | project_id | The project ID to host the cluster in (required) | string | - | yes |

cluster_regional.tf

@@ -73,7 +73,7 @@ resource "google_container_cluster" "primary" {
  name = "default-pool"
 
  node_config {
- service_account = "${var.node_service_account}"
+ service_account = "${lookup(var.node_pools[0], "service_account", "")}"
  }
  }
 }
@@ -109,7 +109,7 @@ resource "google_container_node_pool" "pools" {
 
  disk_size_gb = "${lookup(var.node_pools[count.index], "disk_size_gb", 100)}"
  disk_type = "${lookup(var.node_pools[count.index], "disk_type", "pd-standard")}"
- service_account = "${lookup(var.node_pools[count.index], "service_account", var.node_service_account)}"
+ service_account = "${lookup(var.node_pools[count.index], "service_account", "")}"
 
  oauth_scopes = [
  "https://www.googleapis.com/auth/cloud-platform",

cluster_zonal.tf

@@ -73,7 +73,7 @@ resource "google_container_cluster" "zonal_primary" {
  name = "default-pool"
 
  node_config {
- service_account = "${var.node_service_account}"
+ service_account = "${lookup(var.node_pools[0], "service_account", "")}"
  }
  }
 }
@@ -109,7 +109,7 @@ resource "google_container_node_pool" "zonal_pools" {
 
  disk_size_gb = "${lookup(var.node_pools[count.index], "disk_size_gb", 100)}"
  disk_type = "${lookup(var.node_pools[count.index], "disk_type", "pd-standard")}"
- service_account = "${lookup(var.node_pools[count.index], "service_account", var.node_service_account)}"
+ service_account = "${lookup(var.node_pools[count.index], "service_account", "")}"
 
  oauth_scopes = [
  "https://www.googleapis.com/auth/cloud-platform",

examples/deploy_service/README.md

@@ -15,7 +15,6 @@ Expected variables:
 - `subnetwork`
 - `ip_range_pods`
 - `ip_range_services`
-- `node_service_account` - Only needed if you've deleted the default service account from your project
 
 To provision this example, run the following from within this directory:
 - `terraform init` to get the plugins

examples/deploy_service/main.tf

@@ -32,15 +32,14 @@ provider "kubernetes" {
 data "google_client_config" "default" {}
 
 module "gke" {
- source = "../../"
- project_id = "${var.project_id}"
- name = "deploy-service-cluster"
- region = "${var.region}"
- network = "${var.network}"
- subnetwork = "${var.subnetwork}"
- ip_range_pods = "${var.ip_range_pods}"
- ip_range_services = "${var.ip_range_services}"
- node_service_account = "${var.node_service_account}"
+ source = "../../"
+ project_id = "${var.project_id}"
+ name = "deploy-service-cluster"
+ region = "${var.region}"
+ network = "${var.network}"
+ subnetwork = "${var.subnetwork}"
+ ip_range_pods = "${var.ip_range_pods}"
+ ip_range_services = "${var.ip_range_services}"
 }
 
 resource "kubernetes_pod" "nginx-example" {

examples/deploy_service/variables.tf

@@ -37,8 +37,3 @@ variable "ip_range_pods" {
 variable "ip_range_services" {
  description = "The secondary ip range to use for pods"
 }
-
-variable "node_service_account" {
- description = "Service account to associate to the nodes (defaults to the default service account on the project)"
- default = ""
-}

examples/node_pool/README.md

@@ -9,7 +9,7 @@ Expected variables:
 - `subnetwork`
 - `ip_range_pods`
 - `ip_range_services`
-- `node_service_account` - Only needed if you've deleted the default service account from your project
+- `pool_01_service_account` - Only needed if you've deleted the default service account from your project
 
 To provision this example, run the following from within this directory:
 - `terraform init` to get the plugins

examples/node_pool/main.tf

@@ -23,15 +23,14 @@ provider "google" {
 }
 
 module "gke" {
- source = "../../"
- project_id = "${var.project_id}"
- name = "node-pool-cluster"
- region = "${var.region}"
- network = "${var.network}"
- subnetwork = "${var.subnetwork}"
- ip_range_pods = "${var.ip_range_pods}"
- ip_range_services = "${var.ip_range_services}"
- node_service_account = "${var.node_service_account}"
+ source = "../../"
+ project_id = "${var.project_id}"
+ name = "node-pool-cluster"
+ region = "${var.region}"
+ network = "${var.network}"
+ subnetwork = "${var.subnetwork}"
+ ip_range_pods = "${var.ip_range_pods}"
+ ip_range_services = "${var.ip_range_services}"
 
  node_pools = [
  {

examples/node_pool/variables.tf

@@ -38,11 +38,6 @@ variable "ip_range_services" {
  description = "The secondary ip range to use for pods"
 }
 
-variable "node_service_account" {
- description = "Service account to associate to the nodes (defaults to the default service account on the project)"
- default = ""
-}
-
 variable "pool_01_service_account" {
  description = "Service account to associate to the nodes on pool-01"
 }

examples/shared_vpc/README.md

@@ -10,7 +10,6 @@ Expected variables:
 - `subnetwork`
 - `ip_range_pods`
 - `ip_range_services`
-- `node_service_account` - Only needed if you've deleted the default service account from your project
 
 To provision this example, run the following from within this directory:
 - `terraform init` to get the plugins